Blog Posts Tagged with "Browser Security"

Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...

Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...

Do Not Track combines both technology (a signal transmitted from a user) and a policy framework for how companies that receive the signal should respond. The following tutorial walks you through enabling Do Not Track in the four most popular browsers: Safari, Internet Explorer 9, Firefox, and Chrome...

You should acknowledge that cookies are widely used and can't really be avoided. If you wish to enjoy your internet surfing experience by navigating to “cookie creating websites” you should have a clear understanding of how cookies operate, and how to protect them from being abused...

This doesn’t mean Twitter will stop collecting all data on you. They’ll still be able to collect aggregate data about your browsing habits for analytics and security, but they won’t set a cookie and they won’t use data to suggest users to you or for tailoring your Twitter experience...

These principles won’t be sufficient when you’re in high-risk locales and they won’t stop a targeted attack, but they will make it less likely that you’ll suffer a serious breach because of poor security habits or over-reliance on antivirus or firewall applications...

The open source browser can now function like a bot and accept commands. It can process the content of the current page where it is located, redirect the user, halt the loading of particular pages, steal passwords, run executables, and even kill itself...

Using the HTTP-specified usage for GET and POST, in which GET requests never have a permanent effect, while good practice, is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST form to the target domain...

This attack is theoretically possible because the DNS is a hierarchy. At the top level are 13 servers. Disrupt them and you could disrupt the entire DNS network. Authorities know this and they put a lot of effort into ensuring that the DNS network can cope with a DoS attack...

There is ample evidence mobile applications are exceeding the privacy expectations of users. The first implementation of Do Not Track on a mobile OS is a big step toward ensuring users have a meaningful choice when it comes to digital tracking...

The fake YouTube page attacks users in two ways: it requires you to enter your YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update. To see if you have been infected, look for the following files...

DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...

EFF frequently recommends that Internet users who are concerned about protecting their anonymity and security online use HTTPS Everywhere, which encrypts your communications with many websites, in conjunction with Tor, which helps to protect your anonymity online...

"Data protection is fast becoming a product and service differentiator. It is incumbent on business leaders to take a holistic view of these issues and understand how they are undermining consumer trust. Now is the time for businesses to make data protection a priority..."

Google has released Chrome 17.0.963.65 for Windows, Macintosh, Linux and Google Chrome Frame, which provides fixes for multiple identified vulnerabilities that may have allowed for denial-of-service (DoS) attacks or the execution of malicious arbitrary code...

Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout...